Fair Use: Please note that use of the Netcraft site is
subject to our Fair Use and Copyright policies. For more information,
please visit http://www.netcraft.com/about-netcraft/fair-use-copyright/,
or email info@netcraft.com.

Domain Transfers (and Hijackings) to Become Easier

Domain registrars are warning customers that their domain names could become easier to hijack as a change in domain transfer rules takes effect Friday. Under new rules set by the Internet Corporation for Assigned Names and Numbers (ICANN), domain transfer requests will be automatically approved in five days unless they are explicitly denied by the current registrar.

This is a change from current procedure, in which a domain's ownership and nameservers remain unchanged if the current registrar receives no response from a domain owner to a transfer request. Update: Some domain providers say concerns about fraudulent transfers are overblown, noting that ICANN's guidelines still require registrars requesting a transfer from another provider to seek approvals from a domain owner.

The changes could mean trouble for domain owners who don't closely manage their records. Registrars are warning that domains with incorrect e-mail addresses and outdated administrative contact information could be at particular risk, as the domain's WHOIS database information will be used to inform domain owners of transfer requests.

"Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default 'approval' of the transfer," the new rules state. "In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed."

As the deadline for the change approaches, domain registrars are contacting domain owners and insisting that they update domain records to avoid unwanted changes. "From November 8-10, we are sending an email to all domain customers informing you of a new domain transfer policy, enforced by ICANN," Go Daddy told its users. "This policy dictates that we must honor any transfer requests, even if you do not personally confirm them. To prevent unauthorized transfers, lock your domains." There are reports of other registrars providing stern warnings to customers about the need to update their details within five days, perhaps to establish which domains may have outdated info.

Domains have become valuable business assets, yet are often loosely managed by business owners, who neglect to update their WHOIS information following changes in staff or e-mail addresses. Companies that have let critical domains lapse include The Washingon Post, the Gawker weblog and perhaps the most embarassing gaffe yet, the UK domain for Ogilvy Mather.